PT-2007-7324 · Falcon · Falcon Series One Cms

Mhz91

Published

2007-12-20

Updated

2017-09-29

CVE-2007-6490

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Falcon Series One CMS version 1.4.3

Description A cross-site request forgery (CSRF) issue allows remote attackers to change a password via a certain "changepass" action to "index.php".

Recommendations For Falcon Series One CMS version 1.4.3, update to a version that fixes this issue, as using the "changepass" action in "index.php" can lead to unauthorized password changes.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2007-6490

Affected Products

Falcon Series One Cms

PT-2007-7324 · Falcon · Falcon Series One Cms

CVE-2007-6490

Weakness Enumeration

Related Identifiers

Affected Products

References · 5